Archive for May, 2019

49 Million Instagram Influencer Records Exposed in Open Database

An AWS-hosted database was configured with no username or password required for access to personal data.
Source: DarkReading

To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape

Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
Source: DarkReading

CVE-2019-12189 (manageengine_servicedesk_plus)

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Source: NIST

CVE-2019-12252 (manageengine_servicedesk_plus)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
Source: NIST
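The bug class behind CVE-2019-12252 is a missing object-level authorization check: the endpoint accepts any numeric id and never asks whether the caller may read that record. The following is an added example, not ManageEngine's code; roles, records and function names are invented for illustration, and the attacker loop shows why existence and permission must fail the same way.

```python
"""Added example (not ManageEngine's code): object-level authorization
check for a 'view solution by id' endpoint. Roles, sample records and
function names are assumptions made for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed role names: "guest", "technician"


@dataclass(frozen=True)
class Solution:
    id: int
    title: str
    public: bool  # True if the article is published to the self-service portal


# Constructed sample knowledge base.
SOLUTIONS = {
    101: Solution(101, "Reset your own password", public=True),
    102: Solution(102, "Rotating the VPN shared secret", public=False),
}


def view_solution_vulnerable(user: User, solution_id: int) -> str:
    """Only checks that the record exists: any logged-in user, guest
    included, reads any article by changing the id parameter."""
    sol = SOLUTIONS.get(solution_id)
    if sol is None:
        raise LookupError("no such solution")
    return sol.title


def can_view(user: User, sol: Solution) -> bool:
    """Authorization decision kept in one place so every entry point
    (web form, e-mail forward, API) applies the same rule."""
    if user.role == "technician":
        return True
    return sol.public


def view_solution(user: User, solution_id: int) -> str:
    """Existence and authorization are checked together, and both
    failures raise the same error so the id space cannot be probed."""
    sol = SOLUTIONS.get(solution_id)
    if sol is None or not can_view(user, sol):
        raise PermissionError("no such solution")
    return sol.title


def walk_ids(user: User, view, ids) -> dict:
    """Models an attacker iterating the id parameter and keeping
    whatever the endpoint hands back."""
    leaked = {}
    for i in ids:
        try:
            leaked[i] = view(user, i)
        except (LookupError, PermissionError):
            pass
    return leaked


if __name__ == "__main__":
    guest = User("visitor", "guest")
    print(walk_ids(guest, view_solution_vulnerable, range(100, 105)))
    print(walk_ids(guest, view_solution, range(100, 105)))
```

The check belongs next to the data access, not in the UI: a "forward by e-mail" path that reaches the same record through a different form is exactly the kind of entry point that gets forgotten when authorization lives in page templates.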

CVE-2019-12190 (centos_web_panel)

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
Source: NIST

You Can Always Rely on the Gay Community

Moving away from everything you know can be scary. Ian K. shares his experience of moving from his lifelong hometown to a new city, being welcomed by the locals, and the lessons we can all learn to create inclusive cultures.
Source: Symantec

KnowBe4 Focuses on Security Culture with CLTRe Acquisition

The acquisition solidifies KnowBe4’s European presence and shows a focus on building and measuring security culture.
Source: DarkReading

CVE-2019-12253 (my_little_forum)

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
Source: NIST
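CVE-2019-12253 is the classic CSRF shape: a state-changing request (delete a post) is honoured on the strength of the session cookie alone, which the browser attaches to a request forged from any other site. The following is an added example, not my little forum's code; class and method names are assumptions for illustration, and the cross-site helper simulates the attacker's position of having the victim's cookie sent but not being able to read the victim's page.

```python
"""Added example (not my little forum's code): per-session CSRF token
checked on a delete request. Class, method and field names are assumed
for illustration."""
import hmac
import secrets
from typing import Optional


class Forum:
    def __init__(self):
        # Constructed sample data: post id -> text.
        self.posts = {1: "first post", 2: "second post"}
        # session id -> per-session CSRF token
        self.sessions = {}

    def login(self) -> str:
        """Returns a session id. The token is bound to that session and
        is only ever embedded in pages served to it."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = secrets.token_urlsafe(32)
        return sid

    def csrf_token(self, sid: str) -> str:
        """What a legitimate page served to this session would carry in
        its delete form (hidden field)."""
        return self.sessions[sid]

    def delete_posting_vulnerable(self, sid: str, post_id: int) -> bool:
        """Trusts the cookie alone: a form on an attacker's site can
        submit this request and the browser adds the victim's cookie."""
        if sid not in self.sessions:
            raise PermissionError("not logged in")
        return self.posts.pop(post_id, None) is not None

    def delete_posting(self, sid: str, post_id: int, token: Optional[str]) -> bool:
        """Requires a value the attacker's site cannot obtain: the token
        lives only in the victim's own pages, which the same-origin
        policy keeps private. Constant-time compare avoids a timing
        oracle on the token bytes."""
        if sid not in self.sessions:
            raise PermissionError("not logged in")
        expected = self.sessions[sid]
        if token is None or not hmac.compare_digest(expected, token):
            raise PermissionError("csrf token missing or invalid")
        return self.posts.pop(post_id, None) is not None


def cross_site_attempt(forum: Forum, victim_sid: str, post_id: int, hardened: bool) -> bool:
    """Simulates the forged request: the victim's cookie goes along, but
    the attacker has no token to send. Returns True if the post was deleted."""
    try:
        if hardened:
            return forum.delete_posting(victim_sid, post_id, None)
        return forum.delete_posting_vulnerable(victim_sid, post_id)
    except PermissionError:
        return False


if __name__ == "__main__":
    forum = Forum()
    victim = forum.login()
    print("vulnerable endpoint deleted post 1:", cross_site_attempt(forum, victim, 1, hardened=False))
    print("hardened endpoint deleted post 2:", cross_site_attempt(forum, victim, 2, hardened=True))
    print("legitimate delete with token:", forum.delete_posting(victim, 2, forum.csrf_token(victim)))
```

A token check is the part the application controls; `SameSite` cookie attributes add a second layer in modern browsers but do not replace it, since the forum has to work for clients that ignore the attribute and for same-site attacker content.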

Symantec Mobile Threat Defense

The long-standing practice of vulnerability management to mitigate security risk can (and should) still be extended to modern endpoints.
Source: Symantec

CVE-2019-12250 (identityserver4)

IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.
Source: NIST
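CVE-2019-12250 is stored XSS with an unusual sink: attacker-chosen request data is written to a log and executes when an administrator views that log in a browser. The reflected entries for ServiceDesk Plus (CVE-2019-12189, search field) and CWP (CVE-2019-12190, file-manager parameters) are the same failure at the HTTP response instead of the log viewer. The following is an added example, not IdentityServer4's, ManageEngine's or CWP's code; the record fields, function names and the sample request are assumptions for illustration. It shows that the fix is output encoding at render time, not filtering at capture time, because the log legitimately needs to record whatever the client sent.

```python
"""Added example (none of the named projects' code): HTML-escaping
attacker-controlled request context when a log is rendered as HTML.
Record fields, function names and the sample request are assumed."""
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class ErrorLogRecord:
    path: str
    user_agent: str
    referer: str


def log_error_context(path: str, headers: dict) -> ErrorLogRecord:
    """Capturing request context on error is useful; nothing is stripped
    here because the log should record what was actually sent. The values
    are attacker-chosen and must be treated as data wherever they are shown."""
    return ErrorLogRecord(
        path=path,
        user_agent=headers.get("User-Agent", ""),
        referer=headers.get("Referer", ""),
    )


def render_row_vulnerable(rec: ErrorLogRecord) -> str:
    """Concatenates stored values straight into markup: the payload
    runs in the log viewer's origin, with the viewer's session."""
    return f"<tr><td>{rec.path}</td><td>{rec.user_agent}</td><td>{rec.referer}</td></tr>"


def render_row(rec: ErrorLogRecord) -> str:
    """Escapes every untrusted value for the HTML element-content context
    (quote=True also covers the attribute context, should a template move
    a value into one later)."""
    cells = (html.escape(v, quote=True) for v in (rec.path, rec.user_agent, rec.referer))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def contains_live_markup(rendered: str) -> bool:
    """Crude check for this example: does a raw tag from the sample
    payloads survive into the output?"""
    low = rendered.lower()
    return "<script" in low or "<img" in low


# Constructed sample request: payloads in headers the server logs on error.
SAMPLE_PATH = "/login"
SAMPLE_HEADERS = {
    "User-Agent": "<script>alert(document.cookie)</script>",
    "Referer": '"></td></tr><img src=x onerror=alert(1)>',
}


if __name__ == "__main__":
    rec = log_error_context(SAMPLE_PATH, SAMPLE_HEADERS)
    print(render_row_vulnerable(rec))
    print(render_row(rec))
```

The second payload closes the table cell and row before its own tag, which is why "escape only `<script>`" style filters are not a fix; encoding every `<`, `>`, `&` and quote for the context the value lands in is.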